Head of Identity Threat Labs at Segura®
Talks Delivered: 10
Events Spoken At: 8
Countries Visited: 4
Years Speaking: 3
Total Talks Given: 10
I’ve been working as Head of Identity Threat Labs and Global Product Advocate at Segura®, Red Team Village Director, Senior Advisor at Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM), AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate.
International speaker at security and new technologies events in many countries, such as the US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA (Middle East) and others.
I’ve served as a University Professor in a Master's Degree in Portugal and in Graduation and MBA courses at Brazilian colleges. In addition, I'm the Creator and Instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers (PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
The purpose of this presentation was to run several efficiency and detection tests in our lab environment, which is protected by an endpoint solution provided by CrowdStrike. This document presents the results of a defensive security analysis carried out with an offensive mindset: reverse shell techniques were used to gain access to the victim’s machine, and PowerShell scripts were then used to call a VBS malware sample and infect the victim machine in our environment.
The first objective of the test is to simulate targeted attacks using a Python script, in order to obtain a panoramic view of the resilience of the solution with regard to the efficiency of its detection by signatures, NGAV and machine learning. The idea in running this script is to use the reverse shell technique to gain access to the victim’s machine. After this attack has been executed, the second objective is to run a PowerShell script that downloads a malicious VBS file onto the victim’s machine and executes it; the malware sample is obtained from MalwareBazaar through an API request.
With the final product, the team responsible for the product will have an instrument capable of guiding a process of mitigation and/or correction, as well as optimized improvement, based on the criticality of the risks.